Back to CVE Browser

CVE-2018-2442

HIGH

8.8

CVSS Severity Score

EPSS Score0.0710%

EPSS Percentile37.77th

PublishedAug 14, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.

Affected Platforms (CPE)

📦

Sap

Businessobjects Business Intelligence

= 4.0

📦

Sap

Businessobjects Business Intelligence

= 4.1

📦

Sap

Businessobjects Business Intelligence

= 4.2

📦

Sap

Internet Graphics Server

= 7.20

📦

Sap

Internet Graphics Server

= 7.20ext

📦

Sap

Internet Graphics Server

= 7.45

📦

Sap

Internet Graphics Server

= 7.49

📦

Sap

Internet Graphics Server

= 7.53

References & Advisories

🔗 http://www.securityfocus.com/bid/105078

🔗 https://launchpad.support.sap.com/#/notes/2407193

🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

🔗 http://www.securityfocus.com/bid/105078

🔗 https://launchpad.support.sap.com/#/notes/2407193

🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742

Related Vulnerabilities

CVE-2018-24459.6

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable applic...

CVE-2018-24278.8

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, ...

CVE-2019-03988.8

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions ...

CVE-2019-02688.1

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X...